-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The bad news is that it consumes ~15% CPU capacity on 7200 class routers, and leaves open TCP sessions on the servers it is protecting. This is because the router must allow the SYN to pass and the session to be established before it can see the request URL. Then it cuts the session off at the knees, and does not send a RST to the server, whose session is left hanging until the stack times it out. This "cure" can cause problems worse than the disease. I advise extreme caution to anyone trying this.

> -----Original Message-----
> From: Randall S. Benn [mailto:rbennat_private]
> Sent: Tuesday, August 07, 2001 3:31 PM
> To: incidentsat_private
> Subject: New Method for Blocking Code Red and Similar Exploits
>
>
> A new method for blocking Code Red and similar exploits that use
> HTTP GET requests has been published. The method uses new
> capabilities within Cisco IOS software. Read the on-line advisory at:
>
> http://iponeverything.net/CodeRed.html
>
> The beauty of this solution is that it can be used to block Code
> Red infections today and can be easily modified with new
> signatures in the future using the HTTP sub-port classification
> mechanism in IOS.
>
> Randy
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBO3G43EksS4VV8BvHEQJv/QCgyaEcRqBCprySfCQ2/HrR06uAf6wAnRtT
WG34/0xdzaRlADizG+meoYor
=y8p9
-----END PGP SIGNATURE-----
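
An added illustration (not part of the original post or of the linked advisory) of the side effect described in the reply above: a toy model of the protected server's connection table when the router drops a matched request silently versus also resetting the server side. The arrival times, the 60-second idle timeout and the function name `peak_hanging_sessions` are assumptions chosen for the example.

```python
"""Toy model of a web server's TCP connection table behind a URL-matching router.

Assumptions (not from the original post): the handshake always completes,
the server reaps an idle ESTABLISHED session after `idle_timeout` seconds,
and a blocked request never reaches the server.
"""
import heapq


def peak_hanging_sessions(arrivals, blocked, idle_timeout, router_sends_rst):
    """Return (peak, total) server sessions left open by blocked requests.

    arrivals         -- times (s) at which handshakes complete
    blocked          -- parallel booleans: True if the router drops the GET
    idle_timeout     -- seconds before the server stack reaps an idle session
    router_sends_rst -- True if the router resets the server side on a drop
    """
    expiries = []          # min-heap of times at which hanging sessions are reaped
    peak = total = 0
    for t, is_blocked in sorted(zip(arrivals, blocked)):
        # Reap sessions whose idle timer has already fired.
        while expiries and expiries[0] <= t:
            heapq.heappop(expiries)
        if not is_blocked:
            continue       # normal request: served and closed, not modelled here
        if router_sends_rst:
            continue       # server frees the session as soon as the RST arrives
        # Silent drop: server sits in ESTABLISHED waiting for a request.
        heapq.heappush(expiries, t + idle_timeout)
        total += 1
        peak = max(peak, len(expiries))
    return peak, total


# Constructed sample: one blocked request every 0.5 s for two minutes, plus a
# legitimate request every 5 s. None of these numbers come from the post.
PROBES = [i * 0.5 for i in range(240)]
LEGIT = [i * 5.0 + 0.25 for i in range(24)]
ARRIVALS = PROBES + LEGIT
BLOCKED = [True] * len(PROBES) + [False] * len(LEGIT)

if __name__ == "__main__":
    for rst in (False, True):
        peak, total = peak_hanging_sessions(ARRIVALS, BLOCKED, 60.0, rst)
        print(f"router_sends_rst={rst}: peak hanging={peak}, total={total}")
```

In this model the steady-state number of hanging sessions is the blocked-request rate multiplied by the server's idle timeout, which is the figure to compare against the server's connection limit.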
This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 15:39:06 PDT